Wednesday, August 31, 2022

DoD grants fund cybersecurity research for maritime industry - SC Media

DoD grants fund cybersecurity research for maritime industry  SC Media
http://dlvr.it/SXZhWx

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech
http://dlvr.it/SXZgYL

(ISC)² Launches Certified in Cybersecurity Entry-Level Certification to Address Global Workforce Gap - PR Newswire

(ISC)² Launches Certified in Cybersecurity Entry-Level Certification to Address Global Workforce Gap  PR Newswire
http://dlvr.it/SXYPJk

Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a
http://dlvr.it/SXXrqD

Tuesday, August 30, 2022

Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts - The Wall Street Journal

Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts  The Wall Street Journal
http://dlvr.it/SXWFn2

New top secret Sydney cyber security centre operational - Cyber Security Connect

New top secret Sydney cyber security centre operational  Cyber Security Connect
http://dlvr.it/SXVzd0

Chinese attack on Australia exposed - news.com.au

Chinese attack on Australia exposed  news.com.au
http://dlvr.it/SXVcHt

Powering Up the Energy Sector’s Security Posture - Cyber Security News

Powering Up the Energy Sector’s Security Posture  Cyber Security News
http://dlvr.it/SXV9zf

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones

The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients. "Kochava then sells
http://dlvr.it/SXTfD8

Monday, August 29, 2022

Industry suffers from 'lack of proper education' around cyber security - ifa

Industry suffers from 'lack of proper education' around cyber security  ifa
http://dlvr.it/SXS48Y

U.S. and Israel Strengthen Cybersecurity Partnership - Nextgov

U.S. and Israel Strengthen Cybersecurity Partnership  Nextgov
http://dlvr.it/SXRq2Q

New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim

A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last week. Qilin, the threat
http://dlvr.it/SXRTpg

Minister: Friday's cyber-attack on private media part of consistent pattern - ERR News

Minister: Friday's cyber-attack on private media part of consistent pattern  ERR News
http://dlvr.it/SXR3qd

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful
http://dlvr.it/SXQY9c

Saturday, August 27, 2022

How to build a 'cybersecurity ready' organizational culture - World Economic Forum

How to build a 'cybersecurity ready' organizational culture  World Economic Forum
http://dlvr.it/SXM0yD

What Cybersecurity Teams Can Learn From the US Cyber Command's 'Hunt Forward' - Security Intelligence

What Cybersecurity Teams Can Learn From the US Cyber Command's 'Hunt Forward'  Security Intelligence
http://dlvr.it/SXLpWy

Booz Allen starts entry-level cybersecurity staffers at up to $150,000 - Fortune

Booz Allen starts entry-level cybersecurity staffers at up to $150,000  Fortune
http://dlvr.it/SXLZ5B

Cybersecurity on the board: How the CISO role is evolving for a new era - Tech Monitor

Cybersecurity on the board: How the CISO role is evolving for a new era  Tech Monitor
http://dlvr.it/SXLG5V

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability’s long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence
http://dlvr.it/SXKwsQ

Friday, August 26, 2022

VA CIO Emphasizes Role of Automation, Cybersecurity in Tech Strategy - GovernmentCIO Media & Research

VA CIO Emphasizes Role of Automation, Cybersecurity in Tech Strategy  GovernmentCIO Media & Research
http://dlvr.it/SXJqC3

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An
http://dlvr.it/SXJYn0

Cyber Security Today, August 26, 2022 - Protect your Active Directory servers, a huge text-based phishing scam found and more - IT World Canada

Cyber Security Today, August 26, 2022 - Protect your Active Directory servers, a huge text-based phishing scam found and more  IT World Canada
http://dlvr.it/SXJDsk

AmiViz onboards Cyber Security Works - Trade Arabia

AmiViz onboards Cyber Security Works  Trade Arabia
http://dlvr.it/SXHrGC

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. “Given Cobalt Strike’s popularity as an attack tool, defenses against it have also improved over time,” Microsoft security experts said. “Sliver thus presents an attractive alternative for actors looking for a
http://dlvr.it/SXHLzz

Thursday, August 25, 2022

The 11 most-prevalent malware strains of 2021 fuel cybercrime - Cybersecurity Dive

The 11 most-prevalent malware strains of 2021 fuel cybercrime  Cybersecurity Dive
http://dlvr.it/SXFpdc

Cyber security threats 'need very real action' following overhaul - Lawyers Weekly

Cyber security threats 'need very real action' following overhaul  Lawyers Weekly
http://dlvr.it/SXFXpw

The 'Trojan Horse' and the workforce: Job threats are focus of discussion during House hearing on cybersecurity - cityandstatepa.com

The 'Trojan Horse' and the workforce: Job threats are focus of discussion during House hearing on cybersecurity  cityandstatepa.com
http://dlvr.it/SXFB7c

U.S. Government Spending Billions on Cybersecurity

In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are making their way through the house allocate a staggering $15.6 billion to cybersecurity spending. As you
http://dlvr.it/SXDlc9

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets. The social engineering attack entails sending
http://dlvr.it/SXDDLH

Wednesday, August 24, 2022

US NAIC Summer 2022 National Meeting Key Takeaways: Innovation, Cybersecurity, and Technology | Perspectives & Events - Mayer Brown

US NAIC Summer 2022 National Meeting Key Takeaways: Innovation, Cybersecurity, and Technology | Perspectives & Events  Mayer Brown
http://dlvr.it/SXB1gj

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox
http://dlvr.it/SXB1VW

Guide: How Service Providers can Deliver vCISO Services at Scale

From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure
http://dlvr.it/SX9ZnT

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The malware, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was "These
http://dlvr.it/SX94Pz

CVE-2022-36728

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. (CVSS:7.5) (Last Update:2022-08-22)
http://dlvr.it/SX94MR

Wednesday, August 3, 2022

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
http://dlvr.it/SVzyj0

Tuesday, August 2, 2022

Top Three Use Cases for AI in Cybersecurity - Data Center Knowledge

Top Three Use Cases for AI in Cybersecurity  Data Center Knowledge
http://dlvr.it/SVyGYC

Updates to Cybersecurity Pages - Boston.gov

Updates to Cybersecurity Pages  Boston.gov
http://dlvr.it/SVxzMP

Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger | Cyber Security Hub - Cyber Security Hub

Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger | Cyber Security Hub  Cyber Security Hub
http://dlvr.it/SVxcMN

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this
http://dlvr.it/SVx8Yn

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial
http://dlvr.it/SVwbym

Monday, August 1, 2022

Vetted Software Developer & Cybersecurity Remote Staffing Service Announced - Digital Journal

Vetted Software Developer & Cybersecurity Remote Staffing Service Announced  Digital Journal
http://dlvr.it/SVtyLZ

Yale to Partner in NSF Program Advancing Cybersecurity and Privacy - Yale University

Yale to Partner in NSF Program Advancing Cybersecurity and Privacy  Yale University
http://dlvr.it/SVtgGR

Most cyberattacks come from ransomware, email compromise - Cybersecurity Dive

Most cyberattacks come from ransomware, email compromise  Cybersecurity Dive
http://dlvr.it/SVtKQq

Two Key Ways Development Teams Can Increase Their Security Maturity

Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew
http://dlvr.it/SVsv75

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings
http://dlvr.it/SVsLx4

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vect...